package com.skaz.security;

import com.skaz.Constants;
import com.skaz.cache.CacheTemplate;
import com.skaz.util.Apps;
import com.skaz.util.Jwts;
import lombok.AllArgsConstructor;
import lombok.NoArgsConstructor;
import org.springframework.security.authentication.AccountExpiredException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;

import javax.servlet.http.HttpServletRequest;

/**
 * @Author: jungle
 * @Date: 2018/11/8 11:30 AM
 */
@AllArgsConstructor
@NoArgsConstructor
public class SecurityManager {

    private CacheTemplate cacheTemplate;

    /**
     * 登录
     *
     * @param principal
     * @param request
     * @return
     */
    public String login(UserDetails principal, HttpServletRequest request) {
        String token = Jwts.createToken(principal.getUsername());
        SecurityAuthentication authentication = new SecurityAuthentication(token, principal);
        authentication.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
        SecurityContextHolder.getContext().setAuthentication(authentication);
        return token;
    }

    /**
     * 权限检查过滤
     *
     * @param token
     * @param request
     */
    public void filter(String token, HttpServletRequest request) {
        if (Jwts.validateToken(token)) {
            String subject = Jwts.getSubject(token);
            if (subject != null && subject.length() > 0) {
                SecurityAuthentication authentication = this.getSession(subject);
                if (authentication != null) {
                    if (token.equalsIgnoreCase(authentication.getToken())) {
                        authentication.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
                        SecurityContextHolder.getContext().setAuthentication(authentication);
                        this.refreshSession(authentication);
                    }
                } else {
                    throw new AccountExpiredException(Constants.ERROR_STATUS_401_EXPIRED_MSG);
                }
            }
        }
    }


    /**
     * 注销
     */
    public void logout() {
        HttpServletRequest request = Apps.getHttpServletRequest();
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        if (authentication != null) {
            this.delSession(authentication, request);
            SecurityContextHolder.clearContext();
        }

    }

    /**
     * 刷新session
     *
     * @param authentication
     */
    private void refreshSession(SecurityAuthentication authentication) {
        //TODO 刷新session
    }


    /**
     * 获取session
     *
     * @param subject
     * @return
     */
    private SecurityAuthentication getSession(String subject) {
        //TODO 根据subject获取session
        return null;
    }

    /**
     * 设置session
     *
     * @param authentication
     */
    private void setSession(SecurityAuthentication authentication) {
        //TODO 设置session到本机缓存或者remote
    }


    /**
     * 删除session
     *
     * @param authentication
     * @param request
     */
    private void delSession(Authentication authentication, HttpServletRequest request) {
        //TODO 删除本机和remote的session
    }
}
